web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / CRM 2011 IFD Internal ...
Microsoft Dynamics CRM (Archived)

CRM 2011 IFD Internal URL on Google Chrome does not authenticates : 401-Unauthorized, access is denied.....

(0) ShareShare
ReportReport
Posted on by Pradeep Pawar 2,930

Hi There,

We are having an issue for CRM 2011 IFD Internal URL on Google chrome browser.

Everything works perfect on internet explorer, but when we go to chrome, External URL works fine, but If try for Internal URl in chrome then it asks for Credentials (Authentication popup) again and again and then fails with 401 Unauthorized : access is denied due to invalid credentials. Wherein credentials are perfect which works on IE, and work perfect with External URL form based authentication.

Note: We were using Proxy settings for Internet , this issue is coming after we bypassed proxy and started using Automatic detect proxy settings.

Regards,

Pradeep P.

*This post is locked for comments

I have the same question (0)
  • Verified answer
    Remon Profile Picture
    Remon 1,485 on at

    Hi Pradeep,

    Check this:

    http://www.agileit.com/news/disable-extended-protection-in-adfs-2-0-for-office-365-to-allow-ie-google-chrome-and-firefox-to-authenticate-using-ntlm/

    I think this will solve you issue,

    Good luck,

  • Pradeep Pawar Profile Picture
    Pradeep Pawar 2,930 on at

    Hi Remon,

    Definitely I will try this thing, I will need to have some downtime for this. I will update once done with this try. :)

    Regards,

    Pradeep P

  • Pradeep Pawar Profile Picture
    Pradeep Pawar 2,930 on at

    Thanks a ton Roman,

    It worked. :)

    Regards,

    Pradeep P.

  • Community Member Profile Picture
    Community Member on at

    It sounds to me like a trust issue rather than anything else. Your browser should not prompt for authentication when using the internal URL (especially if you are now bypassing the proxy server, which sounds like a good idea for this internal traffic).

    Have you added your ADFS server to your trusted sites?

    Have you done this via Group Policy? I'm not sure if that will only work with IE, or whether Chrome will pick it up as well (it will pick up trusted sites that are added manually, since they are stored in Windows' Internet Connection settings, but if added via GPO I suspect only IE is reading them).

  • Pradeep Pawar Profile Picture
    Pradeep Pawar 2,930 on at

    It is not deployed via GP.  And about ADFS in IE Trusted sites, I didnt try it. I just added Internal & External URL to trusted sites. To try it(ADFS in trusted sites) now I need to get back to previous settings for EPA, which would not be possible as of now, as I need to take Production down for some time to do this. But yeah I could have try this before.

    Pradeep P.

  • Remon Profile Picture
    Remon 1,485 on at

    Hi Adam,

    Here details on cause of the issue and the solution.
    technet.microsoft.com/.../hh237448(v=ws.10).aspx

    Certain client browser software, such as Firefox, Chrome, and Safari, do not support the Extended Protection for Authentication capabilities that can be used across the Windows platform to protect against man-in-the-middle attacks. To prevent this type of attack from occurring over secure AD FS communications, AD FS 2.0 enforces (by default) that all communications use a channel binding token (CBT) to mitigate against this threat.

    However, if it is important that browser clients that do not support Extended Protection for Authentication must be used in your organization, you will have to adjust a feature setting in AD FS 2.0 that will disable the CBT from being used over communications, which, in turn, may leave client credentials vulnerable to man-in-the-middle attacks.


    Hope this clarifies more.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans